ANSWER RATING
+1
- +1
0
You Voted:
Last Answered:
Jan 20 2009 6:53 PM GMT
by Unicityd 
20 pts.
Latest Contributors: Flame 14495 pts.
Though a few years old (2004) this
discussion thread supplies a lot of useful information on anti-sniffing methods. Most of these methods deal with handling the people side of the problem. This
article also supplies some information of interest.
Good Luck!
-Flame
Using SSH, IPSec or other solutions to encrypt your traffic would probably be the best solution. It's not invulnerable; even if the crypto holds up (it should) someone can steal the keys. You should also be using switches and not hubs. Switches prevent passive sniffing attacks and require attackers to flood the switch or do a man-in-the-middle attack to read most traffic. You should also use port security on your switches. Port security (as implemented by Cisco) allows you to restrict the number of MAC addresses that can communicate through each physical switch port. If the switch detects a second MAC address it can either shut down the port, refuse to accept traffic from the new address, or alert the network administrator through an SNMP trap. Since attackers spoof additional MAC addresses in order to conduct the man-in-the-middle and flooding attacks which allow them to sniff on a switched network, this will prevent most sniffing.
Regards,
Unicityd
Intrusion detection, Packet sniffers, Packet Sniffing, Sniffers, Network security
Hello Guys.
